Lucene search
RootSSV:15004HistoryDec 02, 2009 - 12:00 a.m.
MySQL CREATE TABLE调用绕过访问限制漏洞
2009-12-0200:00:00
Root
www.seebug.org
103
0.007 Low
EPSS
Percentile
77.7%
CVE ID: CVE-2008-7247
MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。
当数据主目录包含有到不同文件系统的符号链接时,MySQL的ql/sql_table.cc允许通过认证的远程攻击者通过以特殊DATA DIRECTORY或INDEX DIRECTORY参数调用CREATE TABLE绕过预期的访问限制,执行各种非授权操作。
MySQL AB MySQL 6.0
MySQL AB MySQL 5.1.x
MySQL AB MySQL 5.0.x
厂商补丁:
MySQL AB
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
openvas
openvas
Mandriva Update for mmc MDVA-2010:044 (mmc)
2010-01-29 00:00:00
MySQL Authenticated Access Restrictions Bypass Vulnerability - Linux
2009-12-04 00:00:00
Mandriva Update for mysql MDVSA-2010:044 (mysql)
2010-02-22 00:00:00
ubuntucve
ubuntucve
CVE-2008-7247
2009-11-30 00:00:00
CVE-2010-1626
2010-05-21 00:00:00
prion
prion
Design/Logic Flaw
2009-11-30 17:30:00
Command injection
2010-05-21 17:30:00
nessus
nessus
Fedora 11 : mysql-5.1.42-7.fc11 (2010-1300)
2010-07-01 00:00:00
MySQL < 6.0.9-alpha / 5.5.3 Access Control Weakness
2012-01-18 00:00:00
Mandriva Linux Security Advisory : mysql (MDVSA-2010:044)
2010-07-30 00:00:00
cve
cve
CVE-2008-7247
2009-11-30 17:30:00
CVE-2010-1626
2010-05-21 17:30:00
fedora
fedora
[SECURITY] Fedora 12 Update: mysql-5.1.42-7.fc12
2010-02-02 01:18:20
[SECURITY] Fedora 11 Update: mysql-5.1.42-7.fc11
2010-02-02 01:06:45
[SECURITY] Fedora 11 Update: mysql-5.1.46-1.fc11
2010-05-13 19:27:15
ubuntu
ubuntu
MySQL vulnerabilities
2010-02-10 00:00:00
MySQL vulnerabilities
2012-03-12 00:00:00
seebug
seebug
MySQL vulnerabilities
2010-02-13 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44